[Live-devel] Media level SDP lines exceed memory allocation

[Michael Brimer]

Hi,

I'm a new subscriber working on security cameras.

I'm experiencing an RTSP server crash in the DESCRIBE phase which I have traced to the function ServerMediaSession::generateSDPDescription().
In this function, I think the sdpLength is being calculated based on the length of the session-level description.
However, at the end of the function, when the media-level description lines are appended, I believe that the previous memory allocation is being exceeded.
I found that the server would crash when I was returning a large media-level description due to a large "a=fmtp:96..." string.
Temporarily increasing sdpLength by 400 bytes fixed the problem.
When the media-level description was a smaller length, the server did not crash but I guess there was still possible data corruption occurring unless you are building in some allowance for the maximum media-level description when calculating sdpLength.

Found on version 2013.11.15.
I am currently upgrading to latest version but by code inspection I guess this is still likely to occur.

If you need any further info, please let me know.

Regards,
Mike Brimer
Oncam Grandeye

This communication is for the exclusive use of the addressee and may contain information that is private and confidential. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication and its attachments is strictly prohibited. If you have received this information in error please contact the sender and delete the communication from your system. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oncam Grandeye unless specifically stated.


This message has been scanned for malware by Websense. www.websense.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20140210/a9fb0b96/attachment.html>